Overview
McDermott’s world-class Global Privacy and Cybersecurity team includes more than 50 privacy and cybersecurity lawyers advising clients on the statutory, regulatory and enforcement regimes that govern the collection, use and disclosure of data in the United States, Europe, Asia and elsewhere.
We have extensive experience advising on the full range of data privacy and protection laws, industry standards and issues. Our lawyers regularly counsel clients on US and international data-use issues, data transfers, and privacy compliance under US and foreign laws. We conduct in-depth privacy/cybersecurity risk assessments, often in the context of mergers, acquisitions and other domestic and cross-border transactions.
In the event of data breaches or alleged improper use of data, we provide swift, effective cybersecurity incident response and represent clients in litigation and government investigations. Our practice includes lawyers with deep experience in health care data privacy and related litigation. Among recent examples of our trial and appellate work, we obtained a victory before the US Supreme Court in one of the most important recent privacy cases, Gobeille v. Liberty Mutual, in which the court held that self-funded insurance plans are exempt from a Vermont law purporting to compel disclosure of health information to the state.
Several of our privacy lawyers have won awards or recognitions in the privacy field, including honors from The National Law Journal, The Legal 500 UK, Chambers USA and other leading journals and legal ratings agencies.
Our team’s experience includes:
- Handling hundreds of cyber incidents, including massive data breaches involving all 50 US states and over 100 countries
- Representing clients in privacy and cybersecurity litigation and government investigations regarding the collection, use or exposure of consumer, patient and other information
- Coordinating with EU, US and other national regulators on cyber incidents
- Developing data privacy management programs
- Advising executives and boards of directors on cyber-risk priorities and facilitating breach tabletop exercises for key leadership
- Conducting privacy due diligence in M&A transactions and structuring deal terms to mitigate risk
- Establishing and upgrading incident-response policies
- Creating vendor risk protocols and contract provisions
- Assessing privacy/cybersecurity risks facing employee benefit plans
- Evaluating the EU/US Privacy Shield and other data-transfer alternatives and implementation strategies
- Advising on compliance with the EU’s General Data Protection Regulation (GDPR)